The invention relates to a method for combining data with an apparatus which is provided for processing the data. The data to be combined with the apparatus include, particularly as intellectual property of a rights owner, a product description or the like. The combination of the respective data with the apparatus is intended to ensure that the data can only be used on the respective apparatus or in conjunction with the respective apparatus. Such a combination protects the intellectual property of the rights owner against unauthorized use, replication and so on.
The following discussion of related art is provided to assist the reader in understanding the advantages of the invention, and is not to be construed as an admission that this related art is prior art to this invention.
Previous approaches to solving this problem have been based on the use of special hardware which is protected against access by unauthorized parties. In such a scenario, the data to be transmitted can be protected using a method such as is known from Digital Rights Management (DRM). In this case, a rights owner generates at least one “rights object” so that he can commission a service provider to perform activities which he cannot or does not wish to perform himself without losing control of his intellectual property. For the use of such rights objects, the service provider first of all generates a key pair, and a first key portion is transmitted to the rights owner, while the second key portion remains with the service provider. The rights owner for his part generates a key which is unknown to the service provider and embeds it into a rights object. Finally, the rights object is encrypted using the key portion received from the service provider, so that the service provider, upon receiving the rights object, can decrypt it using its key portion and is thus provided with access to the key contained in the rights object. This key in turn allows access to the data.
Such an approach would leave the key and the data in unencrypted form on the apparatus, however. A hacker gaining access to the respective apparatus can therefore obtain the data and/or the key and use the respective data, or possibly even use the key to gain access to other data. The same also applies to the service provider itself if it has only restricted rights, or to its staff. Direct access to the file would bypass the restrictions. To prevent this, special hardware for the respective apparatus has previously been contemplated which is protected against unauthorized access by third parties, so that third parties, that is to say neither a hacker nor the service provider, gain neither access to the data nor the key in such a case. A piece of hardware with such access protection is also referred to a “tamper-proof”. However, such hardware or functionality implementing the access protection in such a piece of hardware is expensive.
It would therefore be desirable and advantageous to address this problem and to obviate other prior art shortcomings by providing a method for combining data with an apparatus in which no special hardware is required for adequate protection.